Review the error log for information about why the site doesn’t validate. To do this, click Error Log in the Enable Server-Based SharePoint Integration wizard after the validate sites stage is completed.

The enable server-based SharePoint integration validation check can return one of the following four types of failures.

This failure indicates that the SharePoint server could not be accessed from where the validation check was run. Verify that the SharePoint URL that you entered is correct and that you can access the SharePoint site and site collection by using a web browser from the computer where the Enable Server-Based SharePoint Integration wizard is running. More information: TechNet: Troubleshooting hybrid environments (SharePoint)

This failure can also occur if an incorrect URL is entered in the Enable Server-Based SharePoint Integration wizard or if there is a problem with the digital certificate used for server authentication.

This failure can occur when the claims-based authentication types do not match. For example, in a hybrid deployment such as Microsoft Dynamics 365 (online) to SharePoint on-premises, when you use the default claims-based authentication mapping, the Microsoft account email address used by the Microsoft Dynamics 365 (online) user must match the SharePoint user’s Work email. More information: Selecting a claims-based authentication mapping type

This issue can occur when the claims-based authentication mapping in use causes the claim type values to differ between Microsoft Dynamics 365 and SharePoint. For example, this issue can occur when the following items are true:

This issue can occur when there are two self-signed certificates located in the local certificate store that have the same subject name.

Note that this issue should occur only when you use a self-signed certificate. Self-signed certificates should not be used in production environments.

To resolve this issue, use the Certificate Manager MMC snap-in to remove the certificates with the same subject name that you don’t need, and note the following.

Important

It can take up to 24 hours before the SharePoint cache will begin using the new certificate. To use the certificate now, follow the steps here to replace the certificate information in Microsoft Dynamics 365.

To resolve this issue by following the steps in this article, the existing certificate cannot be expired.
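
To see which certificates share a subject name, and whether any of them has expired, before removing anything in Certificate Manager, the following read-only PowerShell function lists them. It is an added example, not part of the original article or a Microsoft-supplied script; the function name Get-DuplicateSubjectCertificate and the store path Cert:\LocalMachine\My are assumptions, and "Subject equals Issuer" is used only as a heuristic for self-signed.

```powershell
# Added example: read-only inventory of certificates that share a subject name.
# Assumption: the certificates live in the computer's Personal store.
function Get-DuplicateSubjectCertificate {
    param(
        # Assumed store path; change it if your certificates are stored elsewhere.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $now = Get-Date

    Get-ChildItem -Path $StorePath |
        # Skip anything in the path that is not a certificate object.
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        # Group-Object compares strings case-insensitively by default.
        Group-Object -Property Subject |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            # Newest expiry first, so the likely keeper is at the top of each group.
            foreach ($cert in ($_.Group | Sort-Object NotAfter -Descending)) {
                [pscustomobject]@{
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    # Heuristic: a self-signed certificate names itself as issuer.
                    SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                    NotBefore     = $cert.NotBefore
                    NotAfter      = $cert.NotAfter
                    # The replacement steps require a certificate that has not expired.
                    Expired       = ($cert.NotAfter -lt $now)
                    HasPrivateKey = $cert.HasPrivateKey
                }
            }
        }
}

# Nothing is modified or deleted; an empty result means no duplicate subjects were found.
Get-DuplicateSubjectCertificate | Format-Table -AutoSize
```

Record the thumbprint of the certificate you intend to keep so that you remove only the others in the snap-in.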

Replace a certificate that has the same subject name

Use an existing certificate or create a new self-signed certificate. The subject name must be unique among the certificate subject names that are registered in the local certificate store.

Run the following PowerShell script against the existing certificate, or the certificate that you created in the previous step. This script will add a new certificate in Microsoft Dynamics 365, which will then be replaced in a later step. For more information about the CertificateReconfiguration.ps1 PowerShell script, see Prepare Microsoft Dynamics 365 Server for server-based integration.

The "The remote server returned an error: (400) Bad Request" error message can occur after the certificate installation, such as when you run the CertificateReconfiguration.ps1 script.

The "Register-SPAppPrincipal: The requested service, 'http://wgwitsp:32843/46fbdd1305a643379b47d761334f6134/AppMng.svc' could not be activated" error message can occur when you grant Microsoft Dynamics 365 permission to access SharePoint by running the Register-SPAppPrincipal command.

To resolve both of these errors after they occur, restart the web server where the Microsoft Dynamics 365 web application is installed. More information: Start or Stop the Web Server (IIS 8)

Applies to: All Microsoft Dynamics 365 versions when used with Microsoft SharePoint Online

This error can be returned to a user who doesn’t have site permissions on, or whose permissions have been removed from, the SharePoint site where Microsoft Dynamics 365 document management is enabled. Currently, this is a known issue with SharePoint Online where the error message that is displayed to the user doesn’t indicate that the user’s permissions are not sufficient to access the site.